Preface
Operating AWVS through the API
Create a task
<api_key>: the API key obtained from the AWVS console
address: the target URL of the task
description: the task description
criticality: the criticality level
0, 10, 20 or 30; the default is 10
request

```
POST http://<ip>:3443/api/v1/targets
X-Auth: <api_key>
Content-Type: application/json

{
  "address": "<url>",
  "description": "test",
  "criticality": 10
}
```
```
{
  "address": "target address",
  "criticality": "criticality level",
  "description": "description",
  "type": "type",
  "domain": "domain",
  "target_id": "target ID",
  "target_type": "target type",
  "canonical_address": "root domain",
  "canonical_address_hash": "root domain hash"
}
```
Start the task
profile_id: the scan profile ID; any one may be specified
schedule: the time at which the scan starts; if not specified, the scan starts immediately
report_template_id: the type of scan report
target_id: the target_id obtained in the previous step
request

```
POST http://<ip>:3443/api/v1/scans
X-Auth: <api_key>
Content-Type: application/json

{
  "profile_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "schedule": {
    "disable": false,
    "start_date": null,
    "time_sensitive": false
  },
  "target_id": "<target_id>"
}
```
View the dashboard
request

```
GET http://<ip>:3443/api/v1/me/stats
X-Auth: <api_key>
Content-Type: application/json
```
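```
{
  "most_vulnerable_targets": "most vulnerable targets",
  "scans_conducted_count": "total number of scans",
  "scans_running_count": "number of scans currently running",
  "scans_waiting_count": "number of scans waiting",
  "targets_count": "total number of targets",
  "top_vulnerabilities": "distribution of top vulnerabilities",
  "vuln_count_by_criticality": "vulnerability counts by criticality level",
  "vuln_count": "total number of vulnerabilities",
  "vulnerabilities_open_count": "total number of open vulnerabilities"
}
```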
Done
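The three calls above chained into one flow, as an added example that is not part of the original post: the `target_id` returned by the first call is passed to the scan request, and `criticality` is checked against the listed values before anything is sent. The host name, API key, profile ID and the `FakeAWVS` stand-in are constructed so the script runs offline, and `schedule` is the key spelling assumed for the scheduling object.

```python
import json
import urllib.request

ALLOWED_CRITICALITY = {0, 10, 20, 30}  # values listed on this page

def build_request(base_url, api_key, method, path, body=None):
    """Build (without sending) an API request that carries the X-Auth header."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base_url.rstrip("/") + path, data=data, method=method)
    req.add_header("X-Auth", api_key)
    req.add_header("Content-Type", "application/json")
    return req

def http_send(req):
    """Real transport: send the request and decode the JSON reply."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}

def create_and_scan(base_url, api_key, address, profile_id, criticality=10, send=http_send):
    """Create the target, start a scan on the returned target_id, read the stats."""
    if criticality not in ALLOWED_CRITICALITY:
        raise ValueError(f"criticality must be one of {sorted(ALLOWED_CRITICALITY)}")
    target = send(build_request(base_url, api_key, "POST", "/api/v1/targets",
                                {"address": address, "description": "test",
                                 "criticality": criticality}))
    target_id = target["target_id"]  # the scan request must reference this id
    send(build_request(base_url, api_key, "POST", "/api/v1/scans", {
        "profile_id": profile_id,
        # "schedule" is the key spelling assumed here; null start_date = start now
        "schedule": {"disable": False, "start_date": None, "time_sensitive": False},
        "target_id": target_id,
    }))
    stats = send(build_request(base_url, api_key, "GET", "/api/v1/me/stats"))
    return target_id, stats

class FakeAWVS:
    """Constructed offline stand-in for the scanner; records every request."""
    def __init__(self):
        self.calls = []
    def __call__(self, req):
        body = json.loads(req.data) if req.data else None
        self.calls.append((req.get_method(), req.full_url, req.get_header("X-auth"), body))
        if req.full_url.endswith("/targets"):
            return {"target_id": "constructed-target-id", **body}
        if req.full_url.endswith("/stats"):
            return {"scans_running_count": 1}  # constructed value
        return {}

if __name__ == "__main__":
    fake = FakeAWVS()
    print(create_and_scan("https://awvs.example:3443", "constructed-key",
                          "http://target.example", "constructed-profile-id", send=fake))
```

Against a real instance, drop the `send=fake` argument so `http_send` is used, and read the API key from the environment or a secrets store rather than hard-coding it in the script.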